a65fbeb3b3
This PR adds a secondary path for cleaning up iptables created for an allocation when the normal CNI library fails to do so. This typically happens when the state of the pause container is unexpected - e.g. deleted out of band from Nomad. Before, the iptables rules would be leaked which could lead to unexpected NAT routing behavior later on (in addition to leaked resources). With this change, we scan for the rules created on behalf of the allocation being GC'd and delete them.

Fixes #6385
4 lines
81 B
Plaintext
```release-note:improvement
client: detect and cleanup leaked iptables rules
```
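Review bot: in the release-note line, "cleanup" is the noun form; used as a verb it should read "client: detect and clean up leaked iptables rules". The entry also gives no hint of when the leak occurs, while the commit message ties it to the CNI library failing to remove the rules for an allocation being GC'd (typically after the pause container was deleted out of band). Consider saying so in the note, for example "client: detect and clean up iptables rules leaked when CNI cleanup fails", so operators who hit the unexpected NAT routing behavior can match it to this change.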